Going a step further, the VPN gateways themselves can be backed up in case of failure. This case assumes the existence of a VPN connection between two gateways. In the event that one of the two VPN devices should fail, an ISDN connection is to take over the data transfer; in this case via a direct dial-in connection.
Regarding the configuration of this solution, we again assume a functional VPN connectivity of the two networks. The following additional steps are required:
- A standard ISDN network connectivity that routes the same subnets as the VPN connection is set up between the two ISDN routers. In the routing table, however, a distance is entered that is at least 1 higher than the corresponding route in the VPN gateway.
- The local RIP (RIP V2) is activated in all of the routers involved. This allows the VPN and ISDN routers to inform each other about the known routes to the remote sites. The higher distance of the route via the ISDN gateway is, under normal circumstances, the poorer route.
- It is not necessary to define backup connections in this case as a different device should take over the data transmission.
If there is a disturbance in the connection between the VPN devices, the value for the distance of the corresponding routes changes automatically: A route which is not available is marked with a distance of 16. Consequently, the route entered into the ISDN router automatically becomes the "better" solution and all data packets will be re-routed over the ISDN connection. As soon as the VPN connection is re-established, the distance changes to a value below that of the ISDN connection and the backup will be terminated as intended.
